by pera
3438 days ago
> Key change notifications are off by default in WhatsApp. That's probably going to be a fundamental limit of any application that serves billions of people from many different demographics all over the world.

I'm not sure what exactly is the reason for that, is it UX? Like if someone gets a new phone and creates a new key pair, their friends will get scared because of the warnings?

> Even if they were on by default, a fact of life is that the majority of users will probably not verify keys. That is our reality.

Another fact of life is bad password choices, which is why Gmail doesn't let you use "love", "sex" and "secret" as a password :) Browsers, for instance, throw warnings when something is wrong with a cert. Even when 99% of the time it's some domain name issue or expiration date, I think it's a nice default.

By letting Facebook rekey anytime you (fig) are making them kind of a CA. I don't think there is a good reason for that, especially not when WhatsApp claims that even they can't read your messages... it feels dishonest to me. But then again this is just a messaging app downloaded from Google Play running on Android, my expectations aren't too high...